It seems that Apple’s Face ID isn’t the only biometric authentication system that has been fooled recently, as researchers have managed to trick Windows Hello with a mere photo. Multiple versions of Windows 10 are affected, across different hardware configurations.
The research was conducted by German firm SySS, as reported by ZDNet (via The Verge). Tests were run against older versions of Windows prior to the Windows 10 Anniversary Update, by setting up the lock system with a fresh scan and then attempting to unlock it with an infrared photograph of the registered user.
The anti-spoofing feature of Windows Hello did little to protect the system before the Creators Update, and it was found that even systems updated to the Creators Update or the later Fall Creators Update were still vulnerable if the anti-spoofing feature was disabled.
Furthermore, those who had previously set up the authentication system prior to these critical updates can still be susceptible to the attack. The security researchers are urging anyone who uses Windows 10’s Windows Hello functionality to redo the facial recognition setup process once again, just to be safe.
Unlocking a device with a mere photo is quite concerning, but this only worked when the attacker was in possession of a well-positioned infrared image of the registered user. Of course, this is less sophisticated than the methods currently used to bypass the iPhone X’s Face ID, but more complex than the relatively simple methods used to spoof the Samsung Galaxy S9 facial scanner.
KitGuru Says: I’ve said this a lot, but the technology is still rather early in its consumer life, so there’s plenty that still needs working on. Windows Hello is something I still use, but I find it oddly hit and miss unless your laptop is forever pointing in one direction. Do you use facial recognition software?